The development of a digital environment has enabled a vast expansion in rapid communication and information transactions, among other things. However, the security paradigm used in this new environment is ancient: the concept of shared secrets and the concomitant trust. The paradigm of the shared secret has been incorporated into the digital environment in numerous ways, from usernames and passwords to secure communications between users and systems. For example, this concept is foundational to the Secure Sockets Layer, Certificate Authority, Public Key Information security infrastructure.
However, the digital environment is one in which secrets are difficult to keep for more than a short period of time, and once secrecy is lost the formerly secret information may be proliferated rapidly and with complete fidelity. The digital environment is also one in which shared secrets and credentials have become a primary target of “hacking” that has transformed many “secrets” (e.g., passwords, digital certificates, private information and other types of authentication data) into a commodity freely traded on the gray and black markets, destroying the benefit of such secrets for securing digital exchanges. Yet the underlying security mechanism of the digital environment still depends, for its safe operation, on the false assumption that the secret is still secret.
Verification of the presented identity of a computing device is a critical aspect of numerous electronic communications. However, the vulnerability of shared secrets, as well as the vulnerability of communications in transmission, dramatically undermines the reliability and security of digital certificates or other similar information for trusted device identity verification.